domain is an important part of the Microsoft LAN solution. The release of almost every Windows Server version will be greatly improved and improved in the domain. What kind of domain experience will Microsoft bring to us as the latest version of Windows Server 2008? Here I will share some new applications based on Windows Server 2008 domain with examples. I hope these new features will bring you different domain management. Experience.
1. Deploying a read-only domain controller
The security of the domain controller (DC), especially its physical security, is a concern for administrators. A special domain controller, the Read-Only Domain Controller (RODC), has been added to Windows Server 2008. With RODC, we can deploy read-only domain controllers in network nodes that cannot guarantee physical security. This not only improves security, but also enables faster logins and more efficient access to network resources.
It is very simple to deploy a read-only domain controller (RODC) in Windows Server 2008. For example, if we want to deploy a Windows Server 2008 host in the jp.com domain as a read-only domain controller, we can do this by first logging in to the host as an administrator and then allowing the command prompt as an Administrator. The command "dcpromo /replicaornewdomain:readonlyreplica /installdns:yes /replicadomaindnsname:Woodgrovebank.com /sitename=default-first-site-name /safemodeadminpassword:ctocio!" Where /replicadomaindnsname:Woodgrovebank.com" specifies the domain name, "/safemodeadminpassword:ctocio!" sets the password of the domain controller administrator to ctocio!.
It should be noted that the process of obtaining the directory (AD) during installation Also install and configure DNS at the same time, and set the administrator password for the recovery mode of Active Directory. In addition, during the installation process, be sure to mainly view the output of the Trojan copy policy on the screen. In addition, other settings we can Keep the default. After the Active Directory is installed, the system will restart. After the system restarts, the host becomes a read-only domain controller (RODC).
2. Separation of management roles
Management role separation is a significant feature of read-only domain controllers (RODCs), we can specify a domain user to the role on the RODC without granting the user any user rights to the domain or other domain controllers In fact, these roles are very similar to local groups. With this feature, we can assign administrators to branch offices' RODCs for routine maintenance (such as disk fragmentation). Rather, don't need to give him a domain administrator username and password. The benefits of doing this are very obvious: first, you can liberate the administrator and achieve the allocation of DC management tasks; in addition, it will greatly enhance the security of the domain. Because authorized users can only perform specified operations without jeopardizing the security of other parts of the domain. At the same time, it avoids the risk of damage caused by misuse of DC management at any time by administrator users.
We perform the separation of administrative roles on a read-only domain controller (RODC): log in to the host as an administrator, run the command prompt as administrator, and then execute the following commands in sequence:
NTDSUTIL
Local Roles
Add Woodgrovebank.com\\jp Administrators
Show Role Administrators
Quit
Quit
(Figure 2)
Figure 2 NTDSUTIL
Briefly explain the above command, the first line is to enter the NTDSUTIL.exe command line, the second line is to enter the local The role setting state, the third line is the key command Add the user jp to the administrators group of the Woodgrovebank.com domain, the fourth line command is to display the members of the role administrator group, and the fifth and sixth lines of commands are to exit the NTDSUTIL tool.
Previous page 12 3 One page read the full text
Enabling configuration auditing The auditing features of Windows Server 2008 systems are not enable
My hp3704 can not be installed win2003 (depressed for a long time, a friend only know how to install
In Windows Server 2008, the login password must be complex enough by default. English, numbers, and
Before introducing Server Manager, lets take a look at what a role is. A role is a single, very targ
Nine ways to build a secure Win Server 2008
Backup function in Windows Server 2008 is fully transparent
Windows Server 2008 extension methods activation period before
Join cross-subnet routing Windows Server 2008 VPN
Windows 2008 install raid driver
Parsing Windows Server 2008 Server Management Console
Windows Server 2008 offline file configuration guide
Gene6 FTP can't start solution after cracking on Windows 2008
Windows Server 2008 as a print server troubleshooting
Windows Server 08 will be built with RSA's DLP
Win10 how to put IE browser on the desktop
After Win10 upgrades 10547, Excel can't close it. What should I do?
XP system how to cancel the driver signature prompt
Win10 system shutdown becomes automatic restart how to do
What is Boot.ini file? Where is the Boot.ini file
Dell notebook Win7 system how close the touch screen?
Windows 8.1 screen keyboard detailed
Cancel Windows XP system automatically prompts for low disk space